> forget it.
> 1. non-free

Certainly, that is something to consider, if your prejudice is that way bent. I tend to judge software more on its technical merit than on its distribution policies. At any rate, maradns is of similar design, and it is DFSG compliant, if you want yet another alternative.

> 2. author write like "alle shit then my"

Uh, sure.

> it can't resolve over tcp which is need if payload break a specified
> length limit
>
> also bind9 can make this also

You clearly don't understand what this person was asking for, or what dnscache is capable of.

There seem to be a lot of people waving the 53/tcp flag lately like it's some kind of huge bogon that you have to watch out for when you're building your firewall rules. I assure you, it's not, it's really quite simple.

If, like the person who started the thread, you are simply trying to utilize a local caching resolver to speed up your DNS queries, you don't need to worry about port 53 on your external interface AT ALL and you can completely firewall it off.

If your upstream ISP only accepts queries from source port 53, they are stupid and you'd be best off finding a better ISP, or just doing all the resolving yourself (probably more secure that way anyhow depending on how much you trust your upstream's DNS cache configuration).

If, on the other hand, you are serving DNS records to the world at large, you already know perfectly well if you have records over 512 bytes that will require tcp transport or not, or if you need to allow zone transfers to outside parties, so the question of if you need to allow 53/tcp is already decided, all you have to do is recognise that fact.

--
Jamie Heilman http://audible.transient.net/~jamie/
"It's almost impossible to overestimate the unimportance of most things."
 -John Logue
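Added example, not part of the original message: a Python sketch of the check the last paragraph describes, measuring whether a record set's answer fits the classic 512-byte UDP limit or forces a retry over 53/tcp. The name `www.example.com`, the 192.0.2.0/24 addresses and the minimal truncation behaviour in `udp_reply` are assumptions made for illustration.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message limit (RFC 1035, no EDNS0)
TC = 0x0200       # "truncated" flag in the DNS header

def encode_name(name):
    """Encode a domain name as length-prefixed labels, uncompressed."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_response(qname, qtype, rdatas, ttl=3600, msg_id=0x1234):
    """Authoritative answer with every rdata; owner names point at the question."""
    header = struct.pack("!HHHHHH", msg_id, 0x8400, 1, len(rdatas), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(r)) + r
        for r in rdatas)
    return header + question + answers

def question_end(msg):
    """Offset just past the single question section."""
    i = 12
    while msg[i]:
        i += msg[i] + 1
    return i + 1 + 4

def udp_reply(full):
    """Assumed server behaviour: send as-is if it fits, else header + question with TC set."""
    if len(full) <= UDP_LIMIT:
        return full
    msg_id, flags = struct.unpack("!HH", full[:4])
    header = struct.pack("!HHHHHH", msg_id, flags | TC, 1, 0, 0, 0)
    return header + full[12:question_end(full)]

def needs_tcp(reply):
    """True when the client must retry the query over 53/tcp."""
    return bool(struct.unpack("!H", reply[2:4])[0] & TC)

def sample_a_records(n):
    """Constructed sample data: n addresses from 192.0.2.0/24 (TEST-NET-1)."""
    return [bytes([192, 0, 2, i + 1]) for i in range(n)]

if __name__ == "__main__":
    for n in (29, 30):
        full = build_response("www.example.com", 1, sample_a_records(n))
        print(n, "A records:", len(full), "bytes, needs 53/tcp:", needs_tcp(udp_reply(full)))
```

With this name, 29 A records fit in one UDP answer and the 30th pushes it over the limit, which is the point at which an authoritative server's firewall has to admit 53/tcp.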

